DETAILED ACTION

1. Claims 1-4, 6-36 and 38-67 remain pending.

Specification 

2. Applicants' new title has been accepted and entered into the record. 

Claim Objections 

3. Claim 65 is objected to because of the following informalities: 

• In lines 1-2, ". . . stored in computer readable medium. . ." should be changed to
". . . stored in a computer readable medium. . ." in order to avoid a possible
rejection under 35 USC 112, second paragraph, lack of antecedent basis.
Appropriate correction is required. 

Claim Rejections - 35 USC §101 

4. Applicants' amendment to claim 65 overcomes the rejection under 35 USC 101 and 
therefore the rejection has been withdrawn. 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

6. Claims 1, 2, 33, 34, 65, 66 and 67 are rejected under 35 U.S.C. 102(e) as being
anticipated by Howard et al. (US 7,051,368 B1), hereinafter referred to as Howard.

7. Regarding claim 1, Howard discloses a filtering apparatus which is interposed between a
client and a server providing a service in accordance with each of access requests from the client, 
and which transmits only a legal access request among the access requests to the server, the 
filtering apparatus comprising: 

an illegal pattern database which stores patterns of illegal accesses to the server (col. 7, ll.
24-30, Howard discloses the use of a memory location containing one or more patterns that have 
been defined and make up a pattern collection); 

a pattern estimation unit which estimates legality of an access request based on the illegal 
access patterns stored in the illegal pattern database and on a predetermined pattern estimation 
rule (col. 7, line 66 - col. 8, line 20, Howard teaches the evaluation of input strings to determine 
the presence of input strings.); 

a pattern determination unit which determines whether each access request is to be 
transmitted to the server based on the estimation by the pattern estimation unit and on a 
predetermined pattern determination rule, the pattern determination unit producing a
determination result (col. 8, ll. 21-23, Howard teaches that if it is determined that attack patterns
are present, then remedial actions are taken as necessary to eliminate risks to the server system). 

a transmission unit which controls transmission of the access request based on 
determination result of the pattern determination unit so as to transmit the access request to the 
server when the access request is estimated to be legal, and so as to reject transmission of the 
access request to the server and so as to abandon the request when the access request is estimated 
to be illegal (col. 7, ll. 36-58, Howard teaches that if no attack patterns have been found, then
processing continues as normal and if it is determined that the input string contains attack
pattern(s) then remedial action is taken, including the denial of a request altogether from the
client to the server.).

8. Claims 33, 65, 66 and 67 contain similar subject matter, and are rejected under the same 
rationale as independent claim 1.

9. Regarding claim 2, Howard discloses the filtering apparatus wherein 

the pattern estimation unit estimates that each of the access requests is an illegal access if 
the access request corresponds to any one of the illegal access patterns stored in the illegal 
pattern database, and estimates that the access request is a legal access if the access request does 
not correspond to any one of the illegal access patterns stored in the illegal pattern database (col. 
8, ll. 21-23, Howard teaches that if it is determined that attack patterns are present, then remedial
actions are taken as necessary to eliminate risks to the server system); and 

the pattern determination unit determines that the access request estimated as the illegal 
access by the pattern estimation unit is not to be transmitted to the server, and determines that the 
access request estimated as the legal access by the pattern estimation unit is to be transmitted to 
the server (col. 8, ll. 21-23, Howard teaches that if it is determined that attack patterns are
present, then remedial actions are taken as necessary to eliminate risks to the server system). 

10. Claim 34 contains similar subject matter and is rejected under the same rationale as claim 
2. 

Claim Rejections - 35 USC § 103 

11. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the
manner in which the invention was made. 

12. This application currently names joint inventors. In considering patentability of the 
claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the various
claims was commonly owned at the time any inventions covered therein were made absent any
evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out
the inventor and invention dates of each claim that was not commonly owned at the time a later 
invention was made in order for the examiner to consider the applicability of 35 U.S.C. 103(c) 
and potential 35 U.S.C. 102(e), (f) or (g) prior art under 35 U.S.C. 103(a). 

13. Claims 3, 4, 6-19, 26-30, 35, 36, 38-51, 58-62 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Howard in view of Carter et al. (US 2003/0051026), hereinafter referred 
to as Carter. 

14. In regards to claim 3 and 35 Howard does not explicitly teach of wherein the pattern
estimation unit calculates a predetermined estimation value according . . . Carter teaches on this
aspect (Paragraph [0006] and [0447]). One of ordinary skill in the art at the time of invention
would have been motivated to make the above mentioned modifications for the reasons
discussed in Carter, Paragraph [0005].

15. In regards to claim 4 and 36, Howard teaches about a legal pattern database which stores
. . . and a predetermination unit which predetermines whether each of the access requests
corresponds . . . (col. 7, ll. 36-58). Howard does not explicitly teach of wherein the pattern
estimation unit estimates the legality of only the access request determined not to correspond to
any one of the legal access patterns by the predetermination unit. Carter teaches on this aspect
(Paragraph [0006]). One of ordinary skill in the art at the time of invention would have been
motivated to make the above mentioned modifications for the reasons discussed in Carter,
Paragraph [0005].

16. In regards to Claim 16 and 48 Howard does not explicitly teach of an external transmission
unit which transmits each of the access requests determined not to be transmitted to the server by
the pattern determination unit, to a predetermined external device based on a predetermined
external transmission rule. Carter implicitly teaches on this aspect (Paragraph [0006], lines 17-19).
One of ordinary skill in the art at the time of invention would have been motivated to make
the above mentioned modifications for the reasons discussed in Carter, Paragraph [0005].

17. In regards to Claim 6, 17 and 38, 49 Howard teaches about a storage unit (Fig 4) which
stores each of the access request (fig. 4). 

18. In regards to Claim 7, 18-19 and 39, 50-51 Howard teaches the need for an update unit
which updates the illegal pattern database (col. 7, ll. 24-26).

19. In regards to Claim 8 and 40 Howard teaches about an access request transmission unit
which transmits, as a legal access request, (col. 7, ll. 36-58) but does not explicitly teach of only
the access request determined to be transmitted to the server by the pattern and statistic
determination units, to the server statistically illegal request database . . . from the statistic of the
access requests for the server; a statistic estimation unit . . . a statistic determination unit; Carter
implicitly teaches on these aspects. Carter teaches of using statistical analysis to detect
anomalous events (Page 58, 2nd Col, Claim 20). One of ordinary skill in the art at the time of
invention would have been motivated to make the above mentioned modifications for the reasons
discussed in Carter, Paragraph [0005].

20. In regards to Claim 9-11 and 41-43 Howard does not explicitly teach of the statistically
illegal request database stores transmitting end information on the clients each of which issues
access requests . . . stores request contents of the access requests . . . and determines that the access
request estimated as the legal access by the statistic estimation unit is to be transmitted to the
server. Carter teaches on these aspects (Page 58, 2nd Col, Claim 20, Paragraph
[0205, 0204, 0216]). Motivation is same as discussed in Claim 8.

21. In regards to claims 12 and 44 Howard does not explicitly teach the statistically illegal
request database stores transmitting end information on the clients . . . calculates a predetermined
estimation value according to a degree to which the transmitting end . . . Carter teaches on these
aspects (Paragraph [0204-0205, 0216, 0006]). Motivation is same as discussed in Claim 8.

22. In regards to claims 13-15 and 45-47 Howard teaches about estimating the legality of
access request (col. 7, ll. 36-58) but does not explicitly teach of statistic estimation . . . Carter
implicitly teaches on these aspects (Page 58, 2nd Col, Claim 20). It should be noted that Carter is
explicit about detecting anomalous; however it would have been obvious to one of ordinary skill 
in the art at the time of invention to extend his invention so that the statistical analysis can 
correspond to legal access request as well based on what is taught by Carter in Paragraph [0183]. 
Motivation is same as discussed in Claim 8. 

23. In regards to claims 26-29 and 58-61 Howard does not explicitly teach of an access 
request decryption step of decrypting . . . the access request which has been subjected to the
predetermined encryption processing. Carter teaches on these aspects (Paragraph [0225-0226]).
Motivation is same as discussed in Claim 8.

24. In regards to claims 30 and 62 Howard implicitly teaches of a pseudo-response database
which stores pseudo-responses corresponding to the patterns of the illegal accesses to the 
server . . . (Figure 4).

25. Claims 31-32 and 63-64 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Howard as applied to claims 1 and 33 above, and further in view of Carter and Cahill (US 
6535855). 

26. In regards to claims 31 and 63 Howard does not explicitly teach of a decoy unit which
receives the access requests each of . . . Cahill teaches on these aspects (Col 12, lines 50-55, Col
13, lines 20-35). One of ordinary skill in the art at the time of invention would have been 
motivated to make the above-mentioned modifications for the reasons discussed in Carter 
(Paragraph [0026]). 

27. In regards to claims 32 and 64 Howard implicitly teaches of a pseudo-response database 
which stores pseudo-responses corresponding to the patterns of the illegal accesses . . . and a 
pseudo-response transmission unit which transmits the pseudo-responses created by the
pseudo-response (Fig. 4). Howard does not explicitly teach of a decoy unit which receives the access
requests which do not correspond to the illegal access patterns stored in the pseudo-response
database . . . Carter teaches of access request which do not correspond to the illegal access patterns
(Col 9, lines 30-65) and Cahill teaches of a decoy unit (Col 13, lines 20-25). Motivation is the 
same as discussed in Claims 8 and Claim 17. 

28. Claims 20-21 and 52-53 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Howard as applied to claim 1 and 33 above, and further in view of Kashani (US 2002/0165894) 
and Birrel et al. (US 2003/0135555 A1).

29. In regards to Claims 20-21 and 52-53 Howard teaches about a database which stores
patterns of illegal request (col. 7, ll. 36-58) but does not explicitly teach of illegal responses.
Kashani teaches on this aspect (Paragraph [0120]). One of ordinary skill in the art at the time of 
invention would be motivated to make the above-mentioned modifications for the reasons 
discussed in an analogous art (Birrel, Paragraph [0004]). 

30. Claims 22-25 and 54-57 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Howard as applied to claims 1 and 33 above, and further in view of Carter and Kashani. 

31. In regards to claims 22-25 and 54-57 Howard does not explicitly teach about illegal
response database threshold value . . . external transmission unit . . . storage of response that is
not transmitted . . . and update unit. Carter teaches on threshold value
(Paragraph [0006, 0218]) . . . external transmission unit (Paragraph [0006]) . . . storage of information
that is not transmitted (Paragraph [0006]) . . . and update unit
(Paragraph [0253]) but does not explicitly teach about illegal responses. Kashani teaches on this
aspect (Paragraph [0120]). Motivation is the same as discussed in Claim 8 and Claim 20.

Response to Arguments 

32. Applicant's arguments filed 17 October 2006 have been fully considered but they are not 
persuasive. 

33. Applicants argue with respect to claims 1-4, 6-36 and 38-67 that Howard neither
teaches, discloses, nor suggests (A) estimating the "legality of an access request," let alone (B) 
"a pattern estimation unit which estimates legality of an access request based on the illegal 
access patterns stored in the illegal pattern database and on a predetermined pattern estimation 
rule". The examiner respectfully disagrees for the reasons set forth below. 

34. (A) Examiner maintains that the Howard reference teaches on the claim limitation of
estimating the "legality of an access request" as taught by Howard in column 7, line 66 - column 
8, line 20. Howard teaches the evaluation of a string that is being sent from a client to a server 
location to determine if the string contains an attack pattern. If an attack pattern is found the 
string can be identified as a string containing an attack pattern and remedial actions may be 
performed, for example, to block the string from being received at the server. The strings being 
sent from a client to a server can be for example a regular expression, a URL, or an HTTP verb 
request. Regarding that to which is claimed by applicants, legality of an access request is best 
understood given broadest reasonable interpretation, the access request being a message being 
sent to a server from a client device wherein legality of the message is understood as the 
determination of whether or not a message should or should not be allowed to be forwarded to a 
server. This interpretation is based on what is provided in the applicants' filed specification for 
example on page 13, lines 13-20. Therefore, what is taught by Howard is deemed to be within 
the scope of the claimed limitation. 

35. (B) Examiner maintains that the Howard reference teaches on the claim limitation of "a 
pattern estimation unit which estimates legality of an access request based on the illegal access 
patterns stored in the illegal pattern database and on a predetermined pattern estimation rule". 
Howard teaches in column 7, line 66 - column 9, line 20 the evaluation of input strings to 
determine the presence of input strings. Howard teaches in column 7, lines 24-30 the use of 
memory which contains one or more patterns that have been defined and make up a pattern 
collection. Therefore, in view of point (A) and what is further taught by Howard, Howard does 
teach on the claim limitation "a pattern estimation unit which estimates legality of an access 
request based on the illegal access patterns stored in the illegal pattern database and on a
predetermined pattern estimation rule". 

36. Therefore, in view of the reasons and rejections set forth above, claims 1-4, 6-36 and 38- 
67 are not deemed patentable over the cited prior art of record. 

BEATRIZ PRIETO
PRIMARY EXAMINER

Conclusion

37. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Hoefelmeyer et al. (US 7,043,757) teaches a system and method for malicious code detection 
wherein during operation, a scanning computer system scans content for malicious code 
and generates an alarm when the content contains malicious code. 

Crosbie et al. (US 7,134,141 B2) teaches a system and method for host and network based
intrusion detection and response. 

38. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Benjamin A. Ailes whose telephone number is (571)272-3899. 
The examiner can normally be reached on M-F 6:30-4, IFP Work Schedule. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Andrew Caldwell, can be reached on (571)272-3868. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 